webMethods Knowlegebase : Access denied message for Active directory users in MWS (1738361)

Troubleshooting

Problem

We have an AD User: cn=lastname\, firstname has all access to MWS as an MWS Admin who can perform MWS Admin functions such as list and edit roles as long as the function doesn't need data from IS.

The AD User: cn=lastname\, firstname can login as IS Admin and has full access to IS Admin function.

The same AD user is getting "Access Denied" on the MWS functions that need to ask IS for data, e.g. Service monitor, Check Server Status (Firstname can list all the server, but get denied when click on this button), etc.

In IS server log, we notice this - the user name seems to be missing the last name part.

[15]2012-06-06 09:45:04 EDT [ISS.0012.0022C] Access Denied.

Authentication resolved to user ", firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com". User is not defined in any of the available user stores.

.....

[19]2012-06-06 09:45:17 EDT [ISS.0053.0002C] Access denied for user SAMLart on port 5556 -> 'soap/rpc' from 149.158.22.7.

[18]2012-06-06 09:45:10 EDT [ISS.0012.0011W] Resolution of SAML artifact "AAFtd3MgICAgICAgICAgICAgICAgIDAxODAzNjUxNDI5MjA5Nzk3MjY4" failed with exception: org.opensaml.SAMLException:

com.webmethods.portal.PortalException: [POP.012.0002.wm_xt_samlsecurityservice] The SAML artifact is invalid or has expired..

[17]2012-06-06 09:45:10 EDT [ISS.0053.0002C] Access denied for user , firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com on port 5556 -> 'soap/rpc' from 149.158.22.7.

[16]2012-06-06 09:45:04 EDT [ISS.0056.0003E] Unable to send mail. *For input string: ""*

[15]2012-06-06 09:45:04 EDT [ISS.0012.0022C] Access Denied. Authentication resolved to user ", firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com". User is not defined in any of the available user stores.

[14]2012-06-06 09:45:04 EDT [ISS.0053.0002C] Access denied for user SAMLart on port 5556 -> 'soap/rpc' from 149.158.22.7.

[13]2012-06-06 09:44:57 EDT [ISS.0012.0011W] Resolution of SAML artifact "AAFtd3MgICAgICAgICAgICAgICAgIDAxNjUyODUwMDc5MjEyNjMyMDI1" failed with exception: org.opensaml.SAMLException:

com.webmethods.portal.PortalException:

[POP.012.0002.wm_xt_samlsecurityservice] The SAML artifact is invalid or has expired..

[12]2012-06-06 09:44:57 EDT [ISS.0053.0002C] Access denied for user , firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com on port 5556 -> 'soap/rpc' from 149.158.22.7.

[11]2012-06-06 09:44:56 EDT [ISS.0012.0022C] Access Denied. Authentication resolved to user ", firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com". User is not defined in any of the available user stores.

[10]2012-06-06 09:41:49 EDT [ISS.0053.0002C] Access denied for user SAMLart on port 5556 -> 'soap/rpc' from 149.158.22.7.

The following is what is displayed in MWS (also see attached). Notice the cn has both lastname and firstname.

Lastname, Firstname cn=lastname\, firstname,ou=windows 7 users,ou=users,ou=kit,dc=kmn,dc=company,dc=com

Customer is already on MWS_8.2_SP1_Fix9 and still sees the issue.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSVYEV","label":"IBM webMethods Integration"},"ARM Category":[{"code":"a8mKe00000000AQIAY","label":"My webMethods Server (MWS)"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Windows Server 2008"}],"Version":"8.2.1"},{"Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSAWP1J","label":"IBM webMethods BPM"},"ARM Category":[{"code":"a8mKe00000000AQIAY","label":"My webMethods Server (MWS)"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Windows Server 2008"}],"Version":"8.2.1"},{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSFIWYE","label":"IBM webMethods B2B"},"ARM Category":[{"code":"a8mKe00000000AQIAY","label":"My webMethods Server (MWS)"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Windows Server 2008"}],"Version":"8.2.1"},{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSQG2X","label":"IBM webMethods Managed File Transfer"},"ARM Category":[{"code":"a8mKe00000000AQIAY","label":"My webMethods Server (MWS)"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Windows Server 2008"}],"Version":"8.2.1"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Tips

webMethods Knowlegebase : Access denied message for Active directory users in MWS (1738361)

Troubleshooting

Problem

Document Location

Log InLog in to view more of this document

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?